Antw: [EXT] Re: advice on how to address selinux-autorelabel issue with userdbd

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

>>> Lennart Poettering <mzerqung@xxxxxxxxxxx> schrieb am 14.07.2020 um 09:50
in
Nachricht <20200714075029.GC180968@gardel-login>:
> On Di, 14.07.20 09:10, Dac Override (dac.override@xxxxxxxxx) wrote:
> 
>> selinux-autorelabel needs to be able to resolve users. Currently users
>> managed with systemd-serdbd are not resolvable in the
>> selinux-autorelabel.target..
>>
>> Should I be able to pull systemd.userdvd into the
>> selinux-autorelabel.target? Is there a better way to ensure that homed
>> users are resolvable when selinux-autorelabel.service runs?
> 
> systemd-homed runs after /home, and the selinux relabel stuff runs
> much earlier, no?
> 
> How does this work for LDAP/NIS/… users? They typically are late boot
> stuff too?

Yes, it is a problem even at different places: You cannot use an LDAP user for
any tmpfiles, even if the directory is used only after LDAP us up. Also the
password utilities refuse to add the same user locally that exists in LDAP.
Typically I restart the tmpfiles unit again manually and then things are OK.
(In this regard NFS "bg" mounts are much smarter than systemd's tmpfiles
unit.)

> 
> Lennart
> 
> --
> Lennart Poettering, Berlin
> _______________________________________________
> systemd-devel mailing list
> systemd-devel@xxxxxxxxxxxxxxxxxxxxx 
> https://lists.freedesktop.org/mailman/listinfo/systemd-devel 



_______________________________________________
systemd-devel mailing list
systemd-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
[Index of Archives]     [LARTC]     [Bugtraq]     [Yosemite Forum]     [Photo]

  Powered by Linux